
Commit 5d2fe48

author
Côme Chilliet
committed
Some more string conversion handling, fixing bug #77958
1 parent c219d8d commit 5d2fe48


2 files changed

+94
-29
lines changed


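--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -1456,8 +1456,8 @@ static void php_ldap_do_search(INTERNAL_FUNCTION_PARAMETERS, int scope)
 {
 zval *link, *base_dn, *filter, *attrs = NULL, *attr, *serverctrls = NULL;
 zend_long attrsonly, sizelimit, timelimit, deref;
-zend_string *ldap_filter, *tmpstring;
-char *ldap_base_dn = NULL, **ldap_attrs = NULL;
+zend_string *ldap_filter = NULL, *ldap_base_dn = NULL, *tmpstring;
+char **ldap_attrs = NULL;
 ldap_linkdata *ld = NULL;
 LDAPMessage *ldap_res;
 LDAPControl **lserverctrls = NULL;
@@ -1527,11 +1527,10 @@ static void php_ldap_do_search(INTERNAL_FUNCTION_PARAMETERS, int scope)
 zend_hash_internal_pointer_reset(Z_ARRVAL_P(base_dn));
 } else {
 nbases = 0; /* this means string, not array */
-/* If anything else than string is passed, ldap_base_dn = NULL */
-if (Z_TYPE_P(base_dn) == IS_STRING) {
-ldap_base_dn = Z_STRVAL_P(base_dn);
-} else {
-ldap_base_dn = NULL;
+ldap_base_dn = zval_get_string(base_dn);
+if (EG(exception)) {
+ret = 0;
+goto cleanup;
 }
 }
 
@@ -1546,6 +1545,10 @@ static void php_ldap_do_search(INTERNAL_FUNCTION_PARAMETERS, int scope)
 } else {
 nfilters = 0; /* this means string, not array */
 ldap_filter = zval_get_string(filter);
+if (EG(exception)) {
+ret = 0;
+goto cleanup;
+}
 }
 
 lds = safe_emalloc(nlinks, sizeof(ldap_linkdata), 0);
@@ -1563,18 +1566,20 @@ static void php_ldap_do_search(INTERNAL_FUNCTION_PARAMETERS, int scope)
 if (nbases != 0) { /* base_dn an array? */
 entry = zend_hash_get_current_data(Z_ARRVAL_P(base_dn));
 zend_hash_move_forward(Z_ARRVAL_P(base_dn));
-
-/* If anything else than string is passed, ldap_base_dn = NULL */
-if (Z_TYPE_P(entry) == IS_STRING) {
-ldap_base_dn = Z_STRVAL_P(entry);
-} else {
-ldap_base_dn = NULL;
+ldap_base_dn = zval_get_string(entry);
+if (EG(exception)) {
+ret = 0;
+goto cleanup_parallel;
 }
 }
 if (nfilters != 0) { /* filter an array? */
 entry = zend_hash_get_current_data(Z_ARRVAL_P(filter));
 zend_hash_move_forward(Z_ARRVAL_P(filter));
 ldap_filter = zval_get_string(entry);
+if (EG(exception)) {
+ret = 0;
+goto cleanup_parallel;
+}
 }
 
 if (argcount > 8) {
@@ -1590,7 +1595,7 @@ static void php_ldap_do_search(INTERNAL_FUNCTION_PARAMETERS, int scope)
 php_set_opts(ld->link, ldap_sizelimit, ldap_timelimit, ldap_deref, &old_ldap_sizelimit, &old_ldap_timelimit, &old_ldap_deref);
 
 /* Run the actual search */
-ldap_search_ext(ld->link, ldap_base_dn, scope, ZSTR_VAL(ldap_filter), ldap_attrs, ldap_attrsonly, lserverctrls, NULL, NULL, ldap_sizelimit, &rcs[i]);
+ldap_search_ext(ld->link, ZSTR_VAL(ldap_base_dn), scope, ZSTR_VAL(ldap_filter), ldap_attrs, ldap_attrsonly, lserverctrls, NULL, NULL, ldap_sizelimit, &rcs[i]);
 lds[i] = ld;
 zend_hash_move_forward(Z_ARRVAL_P(link));
 }
@@ -1615,10 +1620,15 @@ static void php_ldap_do_search(INTERNAL_FUNCTION_PARAMETERS, int scope)
 efree(rcs);
 } else {
 ldap_filter = zval_get_string(filter);
+if (EG(exception)) {
+ret = 0;
+goto cleanup;
+}
 
-/* If anything else than string is passed, ldap_base_dn = NULL */
-if (Z_TYPE_P(base_dn) == IS_STRING) {
-ldap_base_dn = Z_STRVAL_P(base_dn);
+ldap_base_dn = zval_get_string(base_dn);
+if (EG(exception)) {
+ret = 0;
+goto cleanup;
 }
 
 ld = (ldap_linkdata *) zend_fetch_resource_ex(link, "ldap link", le_link);
@@ -1638,7 +1648,7 @@ static void php_ldap_do_search(INTERNAL_FUNCTION_PARAMETERS, int scope)
 php_set_opts(ld->link, ldap_sizelimit, ldap_timelimit, ldap_deref, &old_ldap_sizelimit, &old_ldap_timelimit, &old_ldap_deref);
 
 /* Run the actual search */
-errno = ldap_search_ext_s(ld->link, ldap_base_dn, scope, ZSTR_VAL(ldap_filter), ldap_attrs, ldap_attrsonly, lserverctrls, NULL, NULL, ldap_sizelimit, &ldap_res);
+errno = ldap_search_ext_s(ld->link, ZSTR_VAL(ldap_base_dn), scope, ZSTR_VAL(ldap_filter), ldap_attrs, ldap_attrsonly, lserverctrls, NULL, NULL, ldap_sizelimit, &ldap_res);
 
 if (errno != LDAP_SUCCESS
 && errno != LDAP_SIZELIMIT_EXCEEDED
@@ -2560,7 +2570,8 @@ PHP_FUNCTION(ldap_modify_batch)
 {
 zval *serverctrls = NULL;
 ldap_linkdata *ld;
-zval *link, *mods, *mod, *modinfo, *modval;
+zval *link, *mods, *mod, *modinfo;
+zend_string *modval;
 zval *attrib, *modtype, *vals;
 zval *fetched;
 char *dn;
@@ -2736,13 +2747,6 @@ PHP_FUNCTION(ldap_modify_batch)
 php_error_docref(NULL, E_WARNING, "A '" LDAP_MODIFY_BATCH_VALUES "' array must have consecutive indices 0, 1, ...");
 RETURN_FALSE;
 }
-modval = fetched;
-
-/* is the data element a string? */
-if (Z_TYPE_P(modval) != IS_STRING) {
-php_error_docref(NULL, E_WARNING, "Each element of a '" LDAP_MODIFY_BATCH_VALUES "' array must be a string");
-RETURN_FALSE;
-}
 }
 }
 
@@ -2805,14 +2809,20 @@ PHP_FUNCTION(ldap_modify_batch)
 for (j = 0; j < num_modvals; j++) {
 /* fetch it */
 fetched = zend_hash_index_find(Z_ARRVAL_P(vals), j);
-modval = fetched;
+modval = zval_get_string(fetched);
+if (EG(exception)) {
+RETVAL_FALSE;
+ldap_mods[i]->mod_bvalues[j] = NULL;
+num_mods = i + 1;
+goto cleanup;
+}
 
 /* allocate the data struct */
 ldap_mods[i]->mod_bvalues[j] = safe_emalloc(1, sizeof(struct berval), 0);
 
 /* fill it */
-ldap_mods[i]->mod_bvalues[j]->bv_len = Z_STRLEN_P(modval);
-ldap_mods[i]->mod_bvalues[j]->bv_val = estrndup(Z_STRVAL_P(modval), Z_STRLEN_P(modval));
+ldap_mods[i]->mod_bvalues[j]->bv_len = ZSTR_LEN(modval);
+ldap_mods[i]->mod_bvalues[j]->bv_val = estrndup(ZSTR_VAL(modval), ZSTR_LEN(modval));
 }
 
 /* NULL-terminate values */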
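Review bot: The `zend_string` references obtained from `zval_get_string()` for `ldap_base_dn` (three call sites in php_ldap_do_search) and for `modval` in the ldap_modify_batch value loop are not released in any hunk of this section, so each call appears to leak a string reference, which adds up in a long-running worker that takes attacker-influenced input. `ldap_base_dn` was a borrowed `char *` before this commit, so the existing `cleanup` / `cleanup_parallel` code (outside the hunks) cannot already be freeing it; I would add `if (ldap_base_dn) { zend_string_release(ldap_base_dn); }` there and also release the previous value in the parallel loop before it is overwritten on the next iteration. For `modval`, add `zend_string_release(modval);` directly after the `estrndup(ZSTR_VAL(modval), ZSTR_LEN(modval))` line and before the `goto cleanup` in the exception branch. Separately, a non-string base_dn used to reach `ldap_search_ext()` / `ldap_search_ext_s()` as NULL and now arrives as a converted (possibly empty) string, which may change which search base the client library applies; if that is intended, a one-line comment such as `/* non-string base_dn is now cast to string, never NULL */` at the first conversion would record it.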

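--- a/ext/ldap/tests/bug77958.phpt
+++ b/ext/ldap/tests/bug77958.phpt
@@ -0,0 +1,55 @@
+--TEST--
+ldap_modify_batch() - bug 77958 - values in ldap_modify_batch must be "string"
+--CREDITS--
+Côme Chilliet <[email protected]>
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+<?php require_once('skipifbindfailure.inc'); ?>
+--FILE--
+<?php
+require "connect.inc";
+
+$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
+insert_dummy_data($link, $base);
+
+$mods = array(
+array(
+"attrib" => "telephoneNumber",
+"modtype" => LDAP_MODIFY_BATCH_ADD,
+"values" => array(
+123456
+)
+),
+array(
+"attrib" => "description",
+"modtype" => LDAP_MODIFY_BATCH_REMOVE_ALL
+)
+);
+
+var_dump(
+ldap_modify_batch($link, "cn=userA,$base", $mods),
+$entry = ldap_first_entry($link, ldap_read($link, "cn=userA,$base", "(telephoneNumber=*)")),
+ldap_get_values($link, $entry, "telephoneNumber")
+);
+?>
+===DONE===
+--CLEAN--
+<?php
+require "connect.inc";
+
+$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
+
+remove_dummy_data($link, $base);
+?>
+--EXPECTF--
+bool(true)
+resource(%d) of type (ldap result entry)
+array(3) {
+[0]=>
+string(14) "xx-xx-xx-xx-xx"
+[1]=>
+string(6) "123456"
+["count"]=>
+int(2)
+}
+===DONE===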
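Review bot: The test covers only the successful integer-to-string conversion in ldap_modify_batch(); none of the new `EG(exception)` branches added in ext/ldap/ldap.c is exercised. A second case whose `"values"` array holds an element that cannot be converted to a string (presumably an object without `__toString()`) would check that the partially built modification list is freed and the call fails cleanly. The base_dn conversion added to the search path is not covered here either, so a companion case passing a non-string base to `ldap_read()` or `ldap_search()` would be worth adding.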
